Today, a Denver non-profit medical group announced its database had been hacked and patient data compromised.

The group believes hackers may have accessed patient names, phone numbers, and medical conditions. It’s not believed that hackers were able to access billing information like credit cards.

Computer safety experts are warning other consumers to beware of hackers targeting medical data, as it’s proving to be a valuable gateway for other consumer data. “It’s incredibly valuable especially when it’s medical information because it’s tied to virtually everything,” said John Sileo of ThinkLikeaspy.com, an identity theft protection agency.

How often do breaches of medical data occur? More than you'd think.

96% of health care organizations have experienced at least one data breach in the past two years.... Nearly half of health organizations do nothing to protect data on mobile devices.... only 23% of health care organizations use mobile device encryption.

The insurer Health Net suffered one of the worst, when nine data servers went missing from a Northern California data center in January. The servers contained records of nearly two million current and former policy holders.

Two out of six of our top breaches are medical breaches. Data breaches in the healthcare industry are up 32 percent over last year, according to one report.

That report says breaches of health records are not just up, but "soaring."

The health information of more than 4 million members of the military health plan TRICARE, which was maintained by Department of Defense contractor Science Applications International Corporation (SAIC), was breached in 2011. A $4.9 billion lawsuit is pending. How did it happen? Backup tapes were stolen from a data contractor's car.

I haven't seen any reported data breaches with Good Health Systems, which stores and manages the prescription monitoring data for Colorado and several other states. Its practices, outlined in this Jan. 2011 proposal to Vermont to procure Medicaid rebates, seem designed to maintain security. But it can't guarantee security against hackers and doctor or pharmacy negligence or incompetence.

So long as doctors, pharmacists and their agents can access the databases with only a user name and password, they are as vulnerable to being breached as any other database. That only 1 state has reported a breach so far doesn't mean more incidents won't happen.

Massive electronic databases that contain our personal medical records carry big security risks. It's one thing for electronic medical records to be used as initially intended, for providing better patient care and cost effectiveness. When it comes to prescription monitoring, which was initially billed as a means for doctors to provide better patient care by identifying which of their patients may have problems so they could educate them, but has morphed into a means for law enforcement to catch some pill abusers, the risk is hardly justified. In fact, it's unacceptable.

You can hack anyone to get the data, but medical data is not as well guarded as credit card company data because by their nature medical practices do not believe that the world is filled with criminals who are out to get them.

I assume that these are laptops used by employees to access the database.

Again assuming that a halfway decent security protocol is employed... 7 letter/number password with an automatic lock out after 3 failures with a system administrator re-admittance required... then I assume that the password has been saved on a file in the computer that the "hacker" can easily find.

Rap some knuckles really hard if they have their password easily found and institute the above and you have 45-50% of the problem solved.

thought of this before! got to get up pretty darn early in the morning, to get one over on you guy!

Rap some knuckles really hard if they have their password easily found and institute the above and you have 45-50% of the problem solved.

really? i mean, really, that's the absolute best solution you can come up with? you gave this what, two seconds of deep thinking?

the basic problem with this approach (and it's standard policy in every functioning entity) is that you can only "rap knuckles" but so hard, unless you intend to turn over your entire workforce every few months. not really economically feasible. as well, most companies have so many different applications, each requiring their very own unique set of user ID/pw, that no normal person can possibly be expected to remember them all.

there are possible solutions in the works, everything from using fingerprint ID, to DNA, just to access the machine. the problem is that none of these methods is ever going to be 100% hacker proof, ever. the harder you make it to access data, the slower your own employees become, reducing productivity.

...is we have no control over this data, including who has access to it. And this data to me is far more valuable than what I leave at the GAP to buy a shirt.

With them I am willing to give them a very small and safe amount of data for my convenience. And if there is a breach, I can cancel my CC and forgo their services in the future, if I choose.

Not true of my medical records, they can't be cancelled/deleted once they are breached. That data could, in theory, go viral and never be erased from the internet.

I understand there is a benefit, but I should be the one making that risk/reward assessment. My old doctor was a paper man, and I loved it, he was old school, and understood the importance of privacy. My last doctor gave me a card so I could check my test results online. I haven't been back*.

Granted, as I get older I may revisit the benefits of having my data available on a network, but I should be the one deciding if it benefits me, not Corporate Health Care and Big Insurance deciding if it benefits them. I will pay a charge to keep my stuff in a paper file on a dusty shelf.

Think of the leverage medical records could garner someone. How much would some people pay for a politician's medical history, their boss's, or a judge's? It's frightening.

It's not right that we have absolutely no control in how our information is handled and apparently no recourse when it is compromised.

*Side Note: The computer in the examination room hadn't been logged out, I just glanced at the name, and it was an older female co-worker I talk to occasionally. I know, in Houston, what are the odds. And the worst thing is I wanted to tell her of their carelessness, but I didn't want her thinking I was out-of-line. I was just curious as to what was on the computer, never occurred to me it would be another patient's information.